Cybersecurity NIST Controls Implementation

  • 56,000+ State Employees Served
  • 41+ Agencies Under Enterprise IT
  • $390M+ Annual IT Budget
  • $48M+ Prior Ransomware Incident Cost

Building Security Foundations Across 13 Mission-Critical Systems for a State Enterprise IT Organization 

Situation

A ransomware attack on a state health agency disrupted critical public services for months, cost over $48 million in direct remediation, and forced the state’s central IT organization to run the cyber incident command center. The event exposed a systemic vulnerability: none of the enterprise IT platforms serving 56,000+ employees across 41+ state agencies had been systematically reviewed or remediated for security. The state legislature responded with comprehensive cybersecurity legislation mandating NIST framework adoption, biennial security assessments, and centralized cyber governance. The central IT organization needed to rapidly mature its security posture across mission-critical cloud and enterprise platforms — while establishing a sustainable, compliant security program from the ground up. 

What NXT Delivered

NXT implemented a comprehensive cyber remediation program leveraging the NIST Risk Management Framework across 13 mission-critical statewide systems and 70 critical controls: 
  • Executed all six NIST RMF steps: Categorize, Select, Implement, Assess, Authorize, Monitor 
  • Established system baselines, SOPs, risk assessments, and change impact analysis processes 
  • Scaled delivery through a POD structure — expanding from 1 pilot to 4 operational PODs  
  • Deployed MFA, automated account lifecycle management, and encryption 
  • Created repeatable methodology and comprehensive documentation for long-term sustainability 

Key Outcomes

01. Completed security baseline across 13 mission-critical systems with security controls implemented and hundreds of vulnerabilities remediated

02. 88% reduction in session hijacking risk through enforced timeouts, session limits, and secure termination

03. MFA deployed across critical platforms, including systems where authentication had been absent entirely

04. Audit-ready compliance with state cybersecurity legislation and NIST 800-53 standards — securing the enterprise infrastructure serving 56,000+ employees statewide